claes@canit.se (Claes Bjorklund) writes:

>Is this cgi script dangerous? The idea with the script is to let the
>www-user do simple mathematics, but I am afraid they can do something
>dangerous. Is there any difference with Unix or Mac?
>
>$math = $FORM{'calc'};
>$res=eval "$math";
>[...]

This script is very dangerous indeed. Think of what happens if some user
decides that "unlink" is a mathematical operator!

The solution for this is to either use the Safe module (but I have never
really tried that on MacPerl) or to do a sanity check on $math before
evaluating it. (Forbidding more than 3 successive alphabetic characters,
for instance, allows sin and cos while forbidding most (all?) dangerous
operators).

Matthias

-----
Matthias Neeracher <neeri@iis.ee.ethz.ch> http://www.iis.ee.ethz.ch/~neeri
"I'm set free to find a new illusion" -- Velvet Underground
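As an added example (not code from the original thread), here is a Perl 5 calculator routine that combines the two mitigations discussed above: a token-level sanity check that only admits numbers, arithmetic operators, parentheses and an explicit allowlist of math function names, followed by evaluation inside a Safe compartment restricted to core and math opcodes, so that a string such as `unlink "/tmp/x"` is refused at both layers. The function allowlist, the 200-character limit and the sample inputs are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;

# Allowlisted math functions (assumption: the set a calculator needs).
# All of these are Perl built-ins available under Safe's :base_core/:base_math.
my %ALLOWED_FUNC = map { $_ => 1 } qw(sin cos sqrt exp log abs int atan2);

# Returns 1 if $expr consists only of numbers, the operators + - * / % **,
# parentheses, commas, whitespace and allowlisted function names; 0 otherwise.
# Anything else (quotes, $, ;, backticks, unknown words) is rejected outright.
sub is_safe_expression {
    my ($expr) = @_;
    return 0 if !defined $expr || length($expr) > 200;   # assumed size limit
    my $pos = 0;
    while ($pos < length $expr) {
        my $rest = substr($expr, $pos);
        if ($rest =~ /\A(\d+(?:\.\d+)?|[-+*\/%()\s,])/) { $pos += length $1; next; }
        if ($rest =~ /\A([a-z]+)/) {
            return 0 unless $ALLOWED_FUNC{$1};            # unknown identifier
            $pos += length $1;
            next;
        }
        return 0;                                         # disallowed character
    }
    return 1;
}

# Evaluates an already-validated expression inside a Safe compartment that
# permits only arithmetic and math opcodes, so even a validator slip cannot
# reach file, process or I/O operations. Returns (result, error_message).
sub safe_calc {
    my ($expr) = @_;
    return (undef, "rejected by validator") unless is_safe_expression($expr);
    my $cpt = Safe->new;
    $cpt->permit_only(qw(:base_core :base_math));
    my $res = $cpt->reval($expr);
    return (undef, "evaluation failed: $@") if $@;        # e.g. op trapped by mask
    return ($res, undef);
}

# Constructed inputs: two legitimate calculations and one hostile string.
for my $input ('2 + 3 * 4', 'sin(0) + sqrt(16)', 'unlink "/tmp/x"') {
    my ($res, $err) = safe_calc($input);
    printf "%-22s => %s\n", $input, defined $res ? $res : "REJECTED ($err)";
}
```

The hostile input is stopped by the validator; if you comment out the validator call, the Safe compartment still refuses it with an "'unlink' trapped by operation mask" error, which is the value of keeping both layers.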